php-cgi (1)

Cisco Talos recently uncovered a sophisticated attack campaign targeting Japanese organizations through CVE-2024-4577 [1], a critical PHP-CGI remote code execution flaw with 79 exploits available. While Talos focused on victimology and attacker tradecraft, GreyNoise telemetry reveals a wider exploitation pattern demanding immediate action from defenders globally.

Attack Overview - According to Cisco Talos, the threat actor exploited PHP-CGI installations on Windows systems to deploy Cobalt Strik